Emulating replication from an LDAP client (not another slapd)



Most of my organization's data is kept in LDAP, along with groups and
affiliations and titles and positions and everything else.  We've got a
simple single-master, multi-slave setup, built back in the OpenLDAP 2.0
days.

We also have a provisioning service, which essentially monitors LDAP,
and as new people arrive, change position, or what have you, it runs off
and provisions accounts, mailboxes, services and permissions as needed
for the person, all automatically.

Currently, this monitoring - trying to keep it as "live" as possible -
is done by essentially making the provisioning server an LDAP replicant,
using slurpd.  It works "well enough", though it has some problems.

But slurpd is going away, and I'm trying to kill it off in our
structure.  The provisioning server is one of the last holdouts.

So my question is this: Is it possible for me to write some code, using
Perl or C or whatever is needed, that will connect as a syncrepl
consumer, and "refresh and persist"?  Are there docs for how the
synchronization protocol works?  Is it just an odd LDAP query?